FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- multiple vulnerabilities

Affected packages
asterisk11 < 11.8.1
asterisk18 < 1.8.26.1

Details

VuXML ID 03159886-a8a3-11e3-8f36-0025905a4771
Discovery 2014-03-10
Entry 2014-03-10

The Asterisk project reports:

Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.

Remote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the "qualify_frequency" configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.

References

CVE Name CVE-2014-2286
CVE Name CVE-2014-2287
CVE Name CVE-2014-2288
URL http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
URL http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
URL http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
URL https://www.asterisk.org/security